


This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1. (Original) A method of generating a manifest that governs the execution of a software 
object, the method comprising: 

receiving a specification indicative of requirements for the execution of the 
software object, the specification referring to one or more components; 

generating a manifest based on said specification, including accessing said one 
or more components, said manifest comprising one or more rules governing what may be 
loaded into an address space of the software object. 

2. (Original) The method of claim 1, wherein said specification identifies one or more 
modules, and wherein generating the manifest comprises including, in said manifest, the 
identities of the one or more modules identified in the specification. 

3. (Original) The method of claim 2, wherein said specification indicates that a first one of 
said one or more modules may be loaded into the address space of the software object, and 
wherein generating the manifest comprises including the identity of said first one of said one 
or more modules on list of acceptable modules. 

4. (Original) The method of claim 2, wherein said specification indicates that a first one of 
said one or more modules may not be loaded into the address space of the software object, 
and wherein generating the manifest comprises including in the manifest a datum that 
identifies said first one of said one or more modules. 

5. (Currently Amended) The method of claim 2 4, wherein said datum comprises a hash of 
said first one of said one or more modules. 

6. (Original) The method of claim 2, wherein said specification indicates whether said 
manifest will contain hashes of said one or more modules. 

7. (Original) The method of claim 1, wherein said one or more components comprise a key, 
wherein said specification indicates either that modules signed with said key may be loaded 
into said address space or that modules signed with said key may not be loaded into said 
address space, and wherein generating said manifest comprises: 

retrieving said key from a file identified in said specification; and 
including said key in said manifest. 

8. (Original) The method of claim 1, wherein said one or more components comprise a 
module, wherein said specification indicates that said module may not be loaded into said 
address space, and wherein generating said manifest comprises: 

computing a hash of said module; and 
including said hash in said manifest. 

9. (Original) The method of claim 1, wherein said generating act comprises: 

based on said specification, creating a data structure representative of said 
specification; and 

generating said manifest based on said data structure. 

10. (Original) The method of claim 1, further comprising: 

receiving a key associated with a vendor or distributor of said software object; 
signing said manifest with said to produce a digital signature; and 
including said digital signature in said manifest. 

11. (Original) The method of claim 1, further comprising: 

using a hardware security module to sign said manifest, said hardware security 
module being adapted to apply a key associated with a vendor or distributor of said software 
object without revealing said key outside said hardware security module. 

12. (Original) A computer-readable medium encoded with computer-executable instructions 
to perform a method of generating a manifest, the method comprising: 

parsing a specification of requirements to be included in the manifest, the 
requirements defining a policy that governs what can be loaded into an address space of a 
software object associated with the manifest; 

accessing one or more components that are identified by the specification and 
that are external to the specification; and 

generating a manifest based on at least one of the accessed objects. 

13. (Original) The computer-readable medium of claim 12, wherein said one or more 
components comprise an executable module, and wherein generating said manifest 
comprises: 

including in said manifest an identification of said executable module and an 
indication that either: 

said executable module may be loaded into said address space; or 
said executable module may not be loaded into said address space. 

14. (Original) The computer-readable medium of claim 13, wherein said identification of 
said executable module comprises a hash of said executable module. 

15. (Original) The computer-readable medium of claim 12, wherein said one or more 
components comprise a key, wherein said specification indicates either that modules signed 
with said key may be loaded into said address space or that modules signed with said key 
may not be loaded into said address space, and wherein generating said manifest comprises: 

retrieving said key from a file identified in said specification; and 
including said key in said manifest. 

16. (Original) The computer-readable medium of claim 12, wherein the method further 
comprises: 

receiving a key associated with a vendor or distributor of said software object; 
signing said manifest with said to produce a digital signature; and 
including said digital signature in said manifest. 






DOCKET NO.: MSFT-25 69/305 143.1 PATENT 

Application No.: 10/658,149 

Office Action Dated: September 19, 2007 

17. (Original) A method of specifying constraints on the use of software comprising: 

creating a specification concerning what may be loaded into an address space 
of the software, the specification referring to one or more components that are external to the 
software and external to the specification; 

using a manifest generation tool to generate a manifest based on the 
specification, wherein the manifest generation tool does at least one of: 

including, in said manifest, data from one of said one or more 
components; or 

computing a value based on one of said one or more components and 
including the computed value in said manifest; and 

distributing the generated manifest with the software, wherein the manifest 
comprises rules describing what may be loaded into the address space of the software. 

18. (Original) The method of claim 17, wherein said one or more components comprises a 
module, wherein said specification indicates either that said module may be loaded into said 
address space or that said module may not be loaded into said address space, and wherein 
said manifest generation tool does at least one of: 

including an identifier of said module in said manifest; or 
computing a hash of said module and including the hash in said 
manifest. 

19. (Original) The method of claim 17, wherein said one or more components comprise a 
key, wherein said specification indicates either that modules signed with said key may be 
loaded into said address space or that modules signed with said key may not be loaded into 
said address space, and wherein said manifest generation tool retrieves said key from a file 
identified in said specification, and includes a certificate for said key in said manifest. 

20. (Original) The method of claim 17, wherein said manifest generation tool creates an 
intermediate data structure representative of said specification, and generates said manifest 
based on said intermediate data structure. 

21. (Original) The method of claim 17, wherein the method further comprises: 

receiving a key from further comprising: 

receiving a key associated with a vendor or distributor of the software; 
signing said manifest with said to produce a digital signature; and 
including said digital signature in said manifest. 

22. (Original) The method of claim 17, further comprising: 

using a hardware security module to sign said manifest, said hardware security 
module being adapted to apply a key associated with a vendor or distributor of the software 
without revealing said key outside said hardware security module. 

23. (Original) A system for generating a manifest comprising: 

a first parser that receives a manifest specification indicative of requirements 
for a manifest, the first parser generating a representation of said requirements, said 
requirements relating to what may be loaded into an address space of a software object, said 
specification referring to one or more components external to said software and external to 
said specification; 

a first manifest generator that generates a manifest based on said 
representation and includes in said manifest information contained in, or computed based on, 
said one or more components. 

24. (Original) The system of claim 23, wherein said one or more components comprise a 
module, and wherein said first manifest generator generates said manifest by including, in 
said manifest, a datum that identifies said module. 

25. (Currently Amended) The system of claim 2^ 24, wherein said datum comprises a hash 
of said module. 

26. (Original) The system of claim 23, wherein said one or more components comprise a 
key, wherein said specification indicates either that modules signed with said key may be 
loaded into said address space or that modules signed with said key may not be loaded into 
said address space, and wherein said first manifest generator retrieves said key from a file 
identified in said specification and includes said key in said manifest. 

27. (Original) The system of claim 23, wherein said first manifest generator generates a 
digital signature for said manifest by signing said manifest with a key associated with a 
vendor or distributor of said software object, and includes said digital signature in said 
manifest. 

28. (Original) The system of claim 27, further comprising: 

a hardware security module that applies said key without revealing said key 
outside said hardware security module, said first manifest generating using said hardware 
security module to generate said digital signature. 

29. (Original) The system of claim 23, further comprising: 

a second parser that receives a manifest specification indicative of 
requirements for a manifest, the second parser generating a representation of said 
requirements in the same format as said first parser, 

wherein said first parser parses specifications in a first format and second parser parses 
specifications in a second format different from said first format, and wherein first manifest 
generator generates said manifest based on a representation produced either by said first 
parser or said second parser. 

30. (Original) The system of claim 23, further comprising: 

a second manifest generator that generates a manifest based on said 
representation, wherein said first manifest generator generates a manifest in a first format and 
second manifest generator generates a manifest in a second format different from said first 
format. 
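
The flow recited in the claims above, as an added illustration that is not code from the application: a specification is parsed into an intermediate representation, the external components it names are accessed, and a manifest of load rules containing module hashes and keys is generated and signed. The spec syntax, field names, the deny-wins loader policy, and the HMAC-SHA256 stand-in for the vendor's digital signature are all assumptions; a real tool would sign with an asymmetric key, possibly held in a hardware security module.

```python
import hashlib, hmac, json

# Constructed sample components standing in for files external to the spec.
COMPONENTS = {
    "render.dll": b"constructed module bytes: renderer",
    "debughook.dll": b"constructed module bytes: debugger hook",
    "partner.pub": b"constructed public key bytes",
}
# Hypothetical spec format (an assumption): <allow|deny> <module|key> <name>
SPEC = "allow module render.dll\ndeny module debughook.dll\nallow key partner.pub\n"

def parse_spec(text):
    """Parse the spec into an intermediate list of (verb, kind, name) rules."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3 or parts[0] not in ("allow", "deny") or parts[1] not in ("module", "key"):
            raise ValueError(f"spec line {n}: malformed rule")
        rules.append(tuple(parts))
    return rules

def _sign(body, key):
    # HMAC-SHA256 over canonical JSON: a stand-in for the vendor's signature.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def generate_manifest(rules, components, signing_key):
    """Access each named component, embed its hash or key, then sign the rules."""
    body = {v: {"module": [], "key": []} for v in ("allow", "deny")}
    for verb, kind, name in rules:
        data = components[name]  # KeyError if the spec names a missing component
        if kind == "module":
            entry = {"name": name, "sha256": hashlib.sha256(data).hexdigest()}
        else:
            entry = {"name": name, "key": data.hex()}
        body[verb][kind].append(entry)
    return {"rules": body, "signature": _sign(body, signing_key)}

def may_load(manifest, module_bytes, signing_key):
    """Loader-side check (assumed policy): valid signature, deny wins, else allow-list."""
    rules = manifest["rules"]
    if not hmac.compare_digest(manifest["signature"], _sign(rules, signing_key)):
        return False
    digest = hashlib.sha256(module_bytes).hexdigest()
    if any(m["sha256"] == digest for m in rules["deny"]["module"]):
        return False
    return any(m["sha256"] == digest for m in rules["allow"]["module"])
```

Because the signature covers the canonical rule set, editing the deny list after generation makes `may_load` reject every module until the manifest is regenerated and re-signed.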